• Bug
    • Resolution: Fixed
    • Major
    • core
    • Jenkins 2.7.3
      sshd-module: 1.7

      SSHD is set up with unsecured cyphers like CBC (see https://www.kb.cert.org/vuls/id/958563). These cyphers should be removed.

      There is already a PR filed here: https://github.com/jenkinsci/sshd-module/pull/5. This will also need to be integrated in core hence this ticket.

          [JENKINS-39805] Remove unsafe cyphers of SSHD module

          Oleg Nenashev added a comment -

          Ideally it also makes sense to add new ciphers, but it is blocked by JENKINS-33021.


          Oleg Nenashev added a comment -

          The fix has been integrated into 3.34 as an RFE.
          If you consider it as a bug fix, please respond.


          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          war/pom.xml
          http://jenkins-ci.org/commit/jenkins/8a2d2de2a346fa79c16cceadf38e90b1dc06ee36
          Log:
          JENKINS-39805 - Update SSH module to 1.8 (#2641)

          The fix disables some obsolete protocols as per JENKINS-39805 (https://issues.jenkins-ci.org/browse/JENKINS-39805): AES128CBC, TripleDESCBC.Factory(), and BlowfishCBC

          All changes: https://github.com/jenkinsci/sshd-module/compare/sshd-1.7...sshd-1.8
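
A check for the change recorded in the commit message above, as an added example that is not part of the ticket or of the sshd-module code: it parses an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1, binary packet framing already stripped) and reports any CBC ciphers still offered. The function names and the sample payload are constructed for illustration; the wire names are the RFC 4253 names for the cipher classes the commit message lists.

```python
import struct

# RFC 4253 wire names for AES128CBC, TripleDESCBC and BlowfishCBC (commit message).
NAMED_IN_FIX = {"aes128-cbc", "3des-cbc", "blowfish-cbc"}
SSH_MSG_KEXINIT = 20
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]


def parse_kexinit(payload):
    """Parse an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) into name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset, lists = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for field in FIELDS:
        if offset + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[offset:offset + length].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        offset += length
    return lists


def audit_ciphers(payload):
    """Report CBC ciphers offered in either direction, and which the fix names."""
    lists = parse_kexinit(payload)
    offered = set(lists["enc_c2s"]) | set(lists["enc_s2c"])
    cbc = sorted(c for c in offered if c.endswith("-cbc"))
    return {"cbc": cbc, "named_in_fix": sorted(offered & NAMED_IN_FIX)}


def build_kexinit(ciphers):
    """Build a constructed KEXINIT payload for the demo (not a real capture)."""
    def name_list(names):
        data = ",".join(names).encode("ascii")
        return struct.pack(">I", len(data)) + data
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # type + zeroed cookie
    body += name_list(["diffie-hellman-group14-sha1"]) + name_list(["ssh-rsa"])
    body += name_list(ciphers) * 2 + name_list(["hmac-sha1"]) * 2
    body += name_list(["none"]) * 2 + name_list([]) * 2
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved


if __name__ == "__main__":
    print(audit_ciphers(build_kexinit(["aes128-ctr", "aes128-cbc", "3des-cbc"])))
```

An empty "cbc" list for the server's KEXINIT indicates that no CBC-mode cipher is being negotiated any more; a non-empty "named_in_fix" list means the server still runs a build without the change.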

          Arnaud Héritier added a comment -

          oleg_nenashev danielbeck allan_burdajewicz Maybe we should propose to backport it into 2.32.x (as it is a security fix/improvement). WDYT?

            oleg_nenashev Oleg Nenashev
            allan_burdajewicz Allan BURDAJEWICZ